CCleaner
Attacking the Weakest Link in the Supply Chain
What Just Happened?! Millions invested in the latest security technologies? Check. Your team trained on information security best practices? Check. Passed a third-party review of your security architecture? Check. So, how the hell were hundreds of your servers’ hard drives just destroyed by malware within minutes?! That’s exactly what your CEO, your Board and your […]
Disassembler and Runtime Analysis
This post was authored by Paul Rascagneres. Introduction: In the CCleaner 64-bit stage 2 previously described in our blog, we explained that the attacker modified a legitimate executable that is part of “Symantec Endpoint”. This file is named EFACli64.dll. The modification is performed in the runtime code included by the compiler, more precisely in the […]
CCleaner Command and Control Causes Concern
This post was authored by Edmund Brumaghin, Earl Carter, Warren Mercer, Matthew Molyett, Matthew Olney, Paul Rascagneres and Craig Williams. Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues. Introduction: Talos recently published a technical analysis of a backdoor which was included with version 5.33 of the CCleaner […]